A Timing-Based Scheme for Rogue AP Detection

Han, Hao; Sheng, Bo; Tan, Chiu C.; Li, Qun; Lu, Sanglu

doi:10.1109/tpds.2011.125

“…The method described in [25] is a timing-based scheme and explores the expected two hops that happen when the user connects to the DNS server. They used Round Trip Time (RTT) to determine if an AP is legitimate or not.…”

Section: Technique Year Modementioning

confidence: 99%

A Flexible Framework for Rogue Access Point Detection

Gonçalves

¹

,

Correia

²

,

Brandão

³

2018

Proceedings of the 15th International Joint Conference on E-Business and Telecommunications

View full text Add to dashboard Cite

Nowadays wireless communications are ubiquitous and getting over requested. It has become a demand in modern days life; people have to be connected always and everywhere. To meet these needs there is an increasing number of WiFi Access Points (APs), located everywhere: schools, coffee shops, shopping malls, airports, trains, buses, and all the free ones from the Internet Service Providers (ISPs) distributed by users' home networks.Among all these APs how can a user be sure that is connecting to a trusted source?In a small-medium sized company, without spending much money, how do they guarantee their wireless security?In order to address these questions there is the need to detect Rogue Access Points (RAPs). There are solutions described in the literature and enterprise solutions. Relative to the latter, it has become obvious that they are not accessible to everyone (high prices), and the first ones do not address all the types of RAPs.Apart from these solutions we did a thorough study on the most commonly used and recent types of WiFi attacks. With this knowledge we were able to develop a solution to detect RAPs which covers the most commonly known attacks.The proposed solution, is a modular framework composed of Scanners, Detectors and Actuators, which are responsible for: scanning for available APs, apply a set of heuristics to detect RAPs and alert the application user. And finally, apply a countermeasure mechanism.i ResumoHoje em dia, as comunicações sem fios são ubíquas e cada vez mais requisitadas. Tornando-se uma exigência para a maioria das pessoas, causando uma necessidade de estarem ligadas, sempre e em qualquer lugar. Para responder a esta necessidade existe um número crescente de Pontos de acesso (PA) WiFi, localizados em todos os lugares: escolas, cafés, shoppings, aeroportos, comboios, autocarros e os PA gratuitos dos Internet Service Providers (ISPs) distribuídos através das redes domésticas dos utilizadores.Entre todos estes PA como é que um utilizador pode ter certeza de que se está a ligar a uma rede confiável?Numa pequena ou média empresa, sem gastar muito dinheiro, como se pode garantir a segurança da rede sem fios?De forma a responder a estas questões existe a necessidade de se detectar PA rogue. Para tal, existem soluções descritas na literatura e soluções empresariais. Estas últimas, não são acessíveis para todos (preços altos), e as primeiras não abordam todos os tipos de PA rogue.Para além das soluções mencionadas, foi feito um estudo completo aos tipos de ataques mais recentes e frequentes a redes sem fios. Desta forma, foi possível desenvolver uma solução para detectar PA rogue, que cobre os ataques mais conhecidos.A solução proposta é uma ferramenta modular composta por Scanners, Detectors e Actuators, que são responsáveis por: escutar o ar de forma a encontrar PA disponíveis, aplicar um conjunto de heurísticas para detectar PA rogue e alertar os utilizadores. E finalmente aplicar uma contramedida.iii

show abstract

“…Time Interval [29] 2014 Passive Client-side [40] 2012 Passive Cipher types [11] 2012 Passive Duplicate RSSI [30] 2012 Passive ETsniffer (v2) [54] 2012 Active WiFihop [38] 2011 Active DNS server two hops (v2) [25] 2011 Active RAPiD [43] 2010 Passive ETsniffer (v1) [47] 2010 Active DNS server two hops (v1) [24] 2009 Active Active behavioral [10] 2008 Active Authentication + SVM [46] 2006 Active The fingerprint active model in [10] uses network discovery and takes advantage of security tools like Nmap 2 . The method sends a request frame and waits for the response from where it will be able to determine how the devices react to fragmented or manipulated frames.…”

Section: Technique Year Modementioning

confidence: 99%

A Flexible Framework for Rogue Access Point Detection

Gonçalves

¹

,

Correia

²

,

Brandão

³

2018

Proceedings of the 15th International Joint Conference on E-Business and Telecommunications

1

0

View full text Add to dashboard Cite

Nowadays wireless communications are ubiquitous and getting over requested. It has become a demand in modern days life; people have to be connected always and everywhere. To meet these needs there is an increasing number of WiFi Access Points (APs), located everywhere: schools, coffee shops, shopping malls, airports, trains, buses, and all the free ones from the Internet Service Providers (ISPs) distributed by users' home networks.Among all these APs how can a user be sure that is connecting to a trusted source?In a small-medium sized company, without spending much money, how do they guarantee their wireless security?In order to address these questions there is the need to detect Rogue Access Points (RAPs). There are solutions described in the literature and enterprise solutions. Relative to the latter, it has become obvious that they are not accessible to everyone (high prices), and the first ones do not address all the types of RAPs.Apart from these solutions we did a thorough study on the most commonly used and recent types of WiFi attacks. With this knowledge we were able to develop a solution to detect RAPs which covers the most commonly known attacks.The proposed solution, is a modular framework composed of Scanners, Detectors and Actuators, which are responsible for: scanning for available APs, apply a set of heuristics to detect RAPs and alert the application user. And finally, apply a countermeasure mechanism.i ResumoHoje em dia, as comunicações sem fios são ubíquas e cada vez mais requisitadas. Tornando-se uma exigência para a maioria das pessoas, causando uma necessidade de estarem ligadas, sempre e em qualquer lugar. Para responder a esta necessidade existe um número crescente de Pontos de acesso (PA) WiFi, localizados em todos os lugares: escolas, cafés, shoppings, aeroportos, comboios, autocarros e os PA gratuitos dos Internet Service Providers (ISPs) distribuídos através das redes domésticas dos utilizadores.Entre todos estes PA como é que um utilizador pode ter certeza de que se está a ligar a uma rede confiável?Numa pequena ou média empresa, sem gastar muito dinheiro, como se pode garantir a segurança da rede sem fios?De forma a responder a estas questões existe a necessidade de se detectar PA rogue. Para tal, existem soluções descritas na literatura e soluções empresariais. Estas últimas, não são acessíveis para todos (preços altos), e as primeiras não abordam todos os tipos de PA rogue.Para além das soluções mencionadas, foi feito um estudo completo aos tipos de ataques mais recentes e frequentes a redes sem fios. Desta forma, foi possível desenvolver uma solução para detectar PA rogue, que cobre os ataques mais conhecidos.A solução proposta é uma ferramenta modular composta por Scanners, Detectors e Actuators, que são responsáveis por: escutar o ar de forma a encontrar PA disponíveis, aplicar um conjunto de heurísticas para detectar PA rogue e alertar os utilizadores. E finalmente aplicar uma contramedida.iii

show abstract

“…Packets are then relayed from the Evil-twins plug-and-play wireless card to the built-in wireless card. The Evil-twin AP is set up by an adversary to listen to users traffic as they browse the Internet, and to launch several attacks on the victims devices [4,[24][25][26]. The IEEE 802.11 standard states that WLAN clients must connect to the AP that has the strongest signal.…”

Section: Replacementmentioning

confidence: 99%

“…This sub-type seeks to insert an RAP into the WLAN simultaneously with the legitimate AP. In [4], a timing-based scheme was presented that detects RAPs that are injected through a Linux-based machine. In the attacking scenario, the RAP can change its identity by masquerading as the legitimate AP by spoofing the legitimate APs MAC address and SSID.…”

Section: Coexistence Approachesmentioning

confidence: 99%

Rogue Access Point Detection: Taxonomy, Challenges, and Future Directions

Alotaibi

¹

,

Elleithy

²

2016

Wireless Pers Commun

View full text Add to dashboard Cite

Wireless Local Area Networks (WLANs) are increasingly integrated into our daily lives. Access Points (APs) are an integral part of the WLAN infrastructure, as they are responsible for coordinating wireless users and connecting them to the wired side of the network and, eventually, to the Internet. APs are deployed everywhere, from airports and shopping malls to coffee shops and hospitals, to provide Internet connectivity. One of the most serious security problems encountered by WLAN users is the existence of Rogue Access Points (RAPs). This article classifies existing solutions, identifies vulnerabilities, and suggests future directions for research into these RAPs. The ultimate objective is to classify existing detection techniques and find new RAP types that have not been classified by the research community. The literature typically categorizes Evil-twin, Unauthorized, Compromised, and Improperly Configured RAPs. Two other types have largely been abandoned by researchers, but can be classified as Denial of Service RAP attacks. These are deauthentication/disassociation attacks targeting wireless users, and the forging of the first message in a four-way handshake.

show abstract

A Timing-Based Scheme for Rogue AP Detection

Cited by 113 publications

References 22 publications

A Flexible Framework for Rogue Access Point Detection

A Flexible Framework for Rogue Access Point Detection

A Flexible Framework for Rogue Access Point Detection

Rogue Access Point Detection: Taxonomy, Challenges, and Future Directions

Contact Info

Product

Resources

About